Rethinking information security in the New Digital Age
Melissa Stevens | Tags: security, guardium, data-security
This post was contributed by Luis Casco-Arias, Senior Market Manager for IBM Security.
As technology evolves and becomes more ubiquitous, it is imperative to rethink our approach to information security. Initially, the few key IT assets to be protected belonged to enterprises, and few people had the expertise or resources to access them. It sufficed to implement a security strategy that had the right access controls, and to protect the enterprise by erecting firewalls to fence out outsiders, or deploying antivirus software to protect the inside. Fast-forward a few decades, and we are in a digital world that is available to practically everyone. Not only do people have devices (mobile or otherwise) to connect with each other and with businesses, but connectivity is considered almost a birthright. Our dependence on these digital, computerized environments has grown until they are integral to our life and work.
In turn, this openness has created a vast amount of data to be handled. In many cases this data is very sensitive, not only to businesses but also to individuals, to the point that major regulations now revolve around its protection. New technologies have emerged to help us deal with this data, such as Web 2.0, cloud computing, virtualization, and Big Data. In effect, these technologies have helped offload some of the burden of managing, communicating, or analyzing this data, in many cases to outside the confines of the enterprise. It is therefore puzzling to see enterprises continue, by inertia, to rely only on perimeter security to protect their digital assets. We are experiencing a paradigm shift in enterprise security, which requires not only that we care about perimeter security, but also that IT security extend protection to the data itself, wherever it resides.
Evidence of the significance of data can be found in the latest security breach and trend reports, such as those published by Verizon and the IBM X-Force. There are many types of cyber attacks and risks threatening the enterprise: simple or sophisticated; original or copycat; from external hackers or internal privileged users; targeted or random. They can also have different drivers or motivators: egomania, obstructing business, shaming, stealing or damaging resources, stealing or changing information. However, the trends show that, regardless of the attack vector, the objective of the breach involves getting to sensitive data in more than 90% of cases. It therefore makes sense to protect this sensitive data directly, across the board. The good news is that there are technologies that can help us get there effectively and efficiently. A good place to start is to look for solutions that address the following areas: data discovery and classification, real-time data activity monitoring and alerting, data resource vulnerability scanning, data encryption and masking, data loss prevention, and data audit and compliance automation. Ensure that these solutions cover all of your data and application resources, and that they link well with other IT and security solutions. After all, security is like a chain, and data security and compliance is its last link (which does not need to be a weak link anymore).
Connect with IBM Security on Twitter @ibmsecurity.